云策 WordPress 开发者社区

函数文档

is_protected_endpoint()

查看官方原文 ↗
💡 云策文档标注

概述

is_protected_endpoint() 函数用于判断当前请求的端点是否应受到保护,以防止白屏死机(WSOD)。它检查登录页面、管理后台和受保护的 Ajax 操作,并允许通过过滤器扩展保护范围。

关键要点

  • 函数返回布尔值,true 表示当前端点应受保护。
  • 保护范围包括:wp-login.php 登录页面、非 Ajax 请求的管理后台(is_admin() 且 ! wp_doing_ajax()),以及受保护的 Ajax 操作(通过 is_protected_ajax_action() 判断)。
  • 提供过滤器 'is_protected_endpoint',允许开发者自定义保护逻辑,默认返回 false。
  • 该函数自 WordPress 5.2.0 版本引入,常用于错误处理场景,如 WP_Recovery_Mode 和 WP_Fatal_Error_Handler。

代码示例

function is_protected_endpoint() {
    // Protect login pages.
    if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) {
        return true;
    }

    // Protect the admin backend.
    if ( is_admin() && ! wp_doing_ajax() ) {
        return true;
    }

    // Protect Ajax actions that could help resolve a fatal error should be available.
    if ( is_protected_ajax_action() ) {
        return true;
    }

    /**
     * Filters whether the current request is against a protected endpoint.
     *
     * This filter is only fired when an endpoint is requested which is not already protected by
     * WordPress core. As such, it exclusively allows providing further protected endpoints in
     * addition to the admin backend, login pages and protected Ajax actions.
     *
     * @since 5.2.0
     *
     * @param bool $is_protected_endpoint Whether the currently requested endpoint is protected.
     *                                    Default false.
     */
    return (bool) apply_filters( 'is_protected_endpoint', false );
}

注意事项

  • 过滤器 'is_protected_endpoint' 仅在端点未被 WordPress 核心保护时触发,用于添加额外的保护端点。
  • 相关函数包括 is_protected_ajax_action()、wp_doing_ajax()、is_admin() 和 apply_filters(),需结合使用以理解完整逻辑。
📄 原文内容

Determines whether we are currently on an endpoint that should be protected against WSODs.

Return

bool True if the current endpoint should be protected.

Source

function is_protected_endpoint() {
	// Protect login pages.
	if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) {
		return true;
	}

	// Protect the admin backend.
	if ( is_admin() && ! wp_doing_ajax() ) {
		return true;
	}

	// Protect Ajax actions that could help resolve a fatal error should be available.
	if ( is_protected_ajax_action() ) {
		return true;
	}

	/**
	 * Filters whether the current request is against a protected endpoint.
	 *
	 * This filter is only fired when an endpoint is requested which is not already protected by
	 * WordPress core. As such, it exclusively allows providing further protected endpoints in
	 * addition to the admin backend, login pages and protected Ajax actions.
	 *
	 * @since 5.2.0
	 *
	 * @param bool $is_protected_endpoint Whether the currently requested endpoint is protected.
	 *                                    Default false.
	 */
	return (bool) apply_filters( 'is_protected_endpoint', false );
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘is_protected_endpoint’, bool $is_protected_endpoint )

Filters whether the current request is against a protected endpoint.

Uses Description
is_protected_ajax_action()wp-includes/load.php

Determines whether we are currently handling an Ajax action that should be protected against WSODs.
wp_doing_ajax()wp-includes/load.php

Determines whether the current request is a WordPress Ajax request.
is_admin()wp-includes/load.php

Determines whether the current request is for an administrative interface page.
apply_filters()wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.

Show 2 moreShow less

Used by Description
WP_Recovery_Mode::handle_error()wp-includes/class-wp-recovery-mode.php

Handles a fatal error occurring.
WP_Fatal_Error_Handler::display_default_error_template()wp-includes/class-wp-fatal-error-handler.php

Displays the default PHP error template.

Changelog

Version Description
5.2.0 Introduced.